Securing the future: Cybersecurity

According to the Cybersecurity and Infrastructure Security Agency (CISA), cyberattacks cost the US economy $242 billion annually. Fortunately, just as cybercriminals are evolving with new techniques and strategies, so are the security and information technology professionals responsible for stopping them.

Now that 2023 is behind us, let’s look forward at some of the new security technologies that can be used to safeguard industrial networks and investigate the cybersecurity trends that we believe will influence the coming year.

1. Machine Learning-Powered Malware Detection

Network security professionals are turning to Machine Learning (ML) to improve the detection and classification of malware. ML programs can learn behavioral patterns shared by different malware types by analyzing millions of representative malware samples, combined with input from humans, or the program’s own queries. Updates and frequent retraining enrich the ML model to detect malware code despite the threat of bad actors releasing new versions of malware files. Besides the detection of malware, ML can identify threats to the operations of an industrial network by uncovering suspicious user behavior inside and outside the organization.

2. Quantum-resistant Encryption Algorithms

Data scientists fear that a powerful quantum computer may soon be able to breach the encryption algorithms that protect and authenticate digital information. Data today is kept private thanks to cryptographic techniques managed by the National Institute of Standards and Technology (NIST). A modern computer would need trillions of years to use brute force to break just one set of NIST encryption keys, yet according to Shor’s Algorithm, a quantum computer could do it in just days, therefore making all the world’s data vulnerable to cyberattacks. This year, the NIST is on schedule to standardize four quantum-resistant encryption algorithms, a process that will involve the NIST creating guidelines to ensure the new algorithms are used correctly.

3. Spikes in Ransomware Attacks

Financially motivated ransomware attacks were up 95 percent in 2023, year over year. In 2024 we expect to see a similar spike in both the frequency and the sophistication of ransomware attacks on industrial networks. Aided by AI, hackers are increasingly using social engineering, phishing, and zero-day vulnerability to identify system weaknesses to exploit. Reflecting the brazenness of hackers is so-called “RaaS” or Ransomware-as-a-Service. Hidden in the shadowy crevices of the Dark Web, RaaS is malicious software that lets the technologically unsavvy hold computers and industrial networks for ransom, a move that will certainly increase the occurrence of attacks and the potential number of attackers in 2024.

Escalating ransomware attacks will heighten the need for better cyber hygiene. This goes beyond encouraging employees to not open email attachments. All employees need to regularly back up data files. Operating systems and software must be kept up to date with the latest security patches. Installing antivirus software and firewalls will help protect vulnerable network applications, endpoints, and servers, while segmenting networks will prevent ransomware from spreading across the enterprise. Remember, something as simple as an open, unprotected port on an industrial-managed switch can be an invitation to a ransomware attack.

4. Ramping up IIoT Device Security

This is the year we’ll see industrial device security come to the forefront, especially with industrial switches and sensors. Industrial networks contain sensitive data that make them an inviting target for hackers seeking proprietary intellectual property. SCADA, PLCs, Industrial Control Systems, and Distributed Control Systems have been hardened and networks segmented to create a defensible environment. Yet a sophisticated hacker can still find entry into an industrial network via interconnected devices, whether it’s a remote sensor or a local industrial Ethernet switch. Each endpoint creates a potential opportunity for criminals to access private information or, worse, the main network. Configuring endpoint devices securely calls for identifying and monitoring access, setting up devices to submit logs and alarms to a centralized security monitoring system, requiring authorized devices and services be verified before deployment, and increasing confidentiality by encrypting configuration data. Implementing multi-factor authentication is another critical step in device cybersecurity, as is creating password policies prioritizing length over complexity.

5. Zero Trust Framework Adoption

Zero Trust (ZT) architecture assumes that no user, device, computer system, or service inside or outside the organization should be trusted to gain unauthorized access until verified. In 2024, we expect to see more industrial networks embracing ZT as a proactive way to reduce vulnerabilities in increasingly complex hybrid environments. Also playing a role in ZT’s rapid adoption will be more stringent regulatory compliance demands and the diminishing effectiveness of “moat and gate” perimeter security. Based on NIST 800-207 guidelines, ZT begins with the idea that everything on the network is hostile or breached. Access is only allowed after user identification, device health, data classification, and service or workload have been confirmed. Next, ZT will assign a degree of risk to the connection request after inspecting it for threats or anomalies. Once a risk score is assigned, the network decides whether to deny the request or grant full access or Just-Enough Access (JEA). Network micro-segmentation and least privileged access practices are applied to minimize the blast radius of any potential breach.

6. Regulatory Changes

Cybersecurity regulations are continually evolving to keep pace with the shifting threat landscape. With privacy and data protection at the industry forefront, 2024 may see new or updated regulations that impose stricter compliance requirements on private sector organizations. For instance, the Cybersecurity and Infrastructure Security Agency (CISA) is expected to publish a notice of proposed rulemaking by March 15, 2024, under the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA). This notice will propose reporting requirements for critical infrastructure entities for specific cybersecurity incidents and ransomware payments. Antaira will be monitoring this development to determine its impact on industrial networks.

7. Security Awareness and Training

With most security breaches resulting from human error, cybersecurity training and awareness programs will remain critical in 2024. Organizations will invest more in educating employees to recognize and respond to threats. Whereas topics such as email passwords, phishing attacks, and social media use were previous focuses, cybersecurity training has broadened to take on new vulnerabilities in work-from-home safety, cloud security, mobile device use, and the dangers of public Wi-Fi. Regular training will help keep cybersecurity top-of-mind for all employees.

Cybersecurity in 2024

As the digital landscape evolves, so do the tactics and strategies employed by cybercriminals and malicious actors. It’s crucial for those involved with industrial networks to stay informed about the latest cybersecurity trends to protect their data and assets effectively. By adopting zero-trust practices, improving device security, adhering to regulatory changes, and enhancing security awareness and communication amongst employees, you can bolster defenses and stay one step ahead of cyber threats in 2024.

———————-

Antaira Technologies is a leading developer and manufacturer that provides high-quality industrial networking and communication product solutions.

www.antaira.com